Sunday, 7 November 2004

What's next for "Secure Flight" testing?

Two week's after the close the public comment period on testing of the USA Transportation Security Administration's (TSA's) proposed Secure Flight airline passenger "screening" scheme, there's been no comment from the TSA on when or if the tests will actually begin.

But before the TSA can requisition the test data from the airlines, or start using it in tests, two other things must be done by agencies other than the TSA -- at least one of which will, presumably, be publicly disclosed, but hasn't been yet:

One: The (Presidential) Office of Management and Budget must approve the proposed Information Collection Request (order to the airlines). Under the Paperwork Reduction Act, this requires either a series of assessments of the impact of the proposal (none of which were mentioned in the TSA's published notice of its proposals), or certification by the OMB that the request meets the statutory criteria for "emergency" approval (which it doesn't, as I argued in my comments to the OMB ). In either case, OMB's clearance must be accompanied by the issuance of an "OMB control number" that must be printed on each copy of the information request form.

The OMB hasn't responded to my requests for information on whether they have approved the emergency clearance request or issued a control number for the Secure Flight testing information request. And I haven't been able to determine if such an emergency clearance, or issuance of a control number, would be a matter of public record. But unless the OMB approves the request on an emergency basis, the required assessments are likely to take at least several weeks, even on a pro forma basis.

In theory, the TSA could award the contract for Secure Flight testing before getting OMB approval to requisition the test data from airlines and the Computerized Reservation Systems (CRS's) that host their databases of PNR's. But the TSA can't demand the test data without OMB approval, which I strongly suspect it doesn't yet have. And airlines have said (probably truthfully in this case, depite their and the TSA's earlier lies) that they will turn over the data only if ordered to do so, despite privacy (non)protection polices that would permit them to give the government any information it asks for, even without a binding order.

Two: Under new oversight provisions of H.R. 4567, the Department of Homeland Security Appropriations Act, 2005 (Public Law 108-334), Section 552(d), the TSA can't spend any money even for testing of Secure Flight "until TSA has developed measures to determine the impact of such [identity] verification on aviation security and the Government Accountability Office [GAO] has reported on its evaluation of the measures."

(This provision doesn't name "Secure Flight", but does apply to any "identity verification system that utilizes at least one database that is obtained from or remains under the control of a non-Federal entity". Since the only way for the TSA to obtain PNR's is from the databases of airlines, CRS's, travel agencies, or other non-federal travel entities, this provision clearly includes any system that uses PNR data.)

As I reported earlier, original version of this bill would have exempted anything labeled as "testing" from its oversight provisions. But several additional oversight provisions, including this one on testing of Secure Flight and similar programs, were added to the bill (which became law 18 October 2004) after the TSA had published its Secure Flight testing proposals, and before the end of the public comment period.

One of the TSA's notices about the Secure Flight testing proposals in the Federal Register said that the order to the airlines was to be issued (if the OMB approved), on 29 October 2004. That was also the date anticipated in the request for proposals (RFP) for the award of the prime contract for Secure Flight testing. But these notices, and the RFP, were all issued before the Homeland Security Appropriations Act was enacted.

As of last week, GAO investigators were still conducting interviews for their report on Secure Flight testing. Unless the GAO has issued its required report in secret (which seems unlikely), the TSA can't yet legally have awarded the contract or ordered airlines or CRS's to turn over test data, and won't do so until the GAO report is published.

The Homeland Security Appropriations Act allows Secure Flight testing to go forward without restriction as soon as the GAO makes its initial report, as long as the GAO reports that the "TSA has developed measures to determine the impact of [identity] verification on aviation security." Much more stringent requirements apply to deployment of Secure Flight on anything other than a test basis: before that can happen, the GAO must issue a second report (due by 28 March 2005 at the latest) and certify that a list of ten criteria have been met:

SEC. 522. (a) None of the funds provided by this or previous appropriations Acts may be obligated for deployment or implementation, on other than a test basis, of the Computer Assisted Passenger Prescreening System (CAPPS II) or Secure Flight or other follow on/successor programs, that the Transportation Security Administration (TSA), or any other Department of Homeland Security component, plans to utilize to screen aviation passengers, until the Government Accountability Office has reported to the Committees on Appropriations of the Senate and the House of Representatives that--

(1) a system of due process exists whereby aviation passengers determined to pose a threat are either delayed or prohibited from boarding their scheduled flights by the TSA may appeal such decision and correct erroneous information contained in CAPPS II or Secure Flight or other follow on/successor programs;

(2) the underlying error rate of the government and private data bases that will be used both to establish identity and assign a risk level to a passenger will not produce a large number of false positives that will result in a significant number of passengers being treated mistakenly or security resources being diverted;

(3) the TSA has stress-tested and demonstrated the efficacy and accuracy of all search tools in CAPPS II or Secure Flight or other follow on/successor programs and has demonstrated that CAPPS II or Secure Flight or other follow on/successor programs can make an accurate predictive assessment of those passengers who may constitute a threat to aviation;

(4) the Secretary of Homeland Security has established an internal oversight board to monitor the manner in which CAPPS II or Secure Flight or other follow on/successor programs are being developed and prepared;

(5) the TSA has built in sufficient operational safeguards to reduce the opportunities for abuse;

(6) substantial security measures are in place to protect CAPPS II or Secure Flight or other follow on/successor programs from unauthorized access by hackers or other intruders;

(7) the TSA has adopted policies establishing effective oversight of the use and operation of the system;

(8) there are no specific privacy concerns with the technological architecture of the system;

(9) the TSA has, pursuant to the requirements of section 44903 (i)(2)(A) of title 49, United States Code, modified CAPPS II or Secure Flight or other follow on/successor programs with respect to intrastate transportation to accommodate States with unique air transportation needs and passengers who might otherwise regularly trigger primary selectee status; and

(b) During the testing phase permitted by paragraph (a) of this section, no information gathered from passengers, foreign or domestic air carriers, or reservation systems may be used to screen aviation passengers, or delay or deny boarding to such passengers, except in instances where passenger names are matched to a government watch list.

( c ) None of the funds provided in this or any previous appropriations Act may be utilized to develop or test algorithms assigning risk to passengers whose names are not on government watch lists.

(d) None of the funds provided in this or any previous appropriations Act may be utilized to test an identity verification system that utilizes at least one database that is obtained from or remains under the control of a non-Federal entity until TSA has developed measures to determine the impact of such verification on aviation security and the Government Accountability Office has reported on its evaluation of the measures.

(e) TSA shall cooperate fully with the Government Accountability Office, and provide timely responses to the Government Accountability Office requests for documentation and information.

(f) The Government Accountability Office shall submit the report required under paragraph (a) of this section no later than March 28, 2005.

"Congress shall make no law ... abridging ... the right of the people peaceably to assemble." (U.S. Constitution)

"Everyone has the right to freedom of movement and residence within the borders of each state. Everyone has the right to leave any country, including his own, and to return to his country." (Universal Declaration of Human Rights)

"Liberty of movement is an indispensable condition for the free development of a person." (United Nations Human Rights Committee)